VARIoT latest news about IoT security

Swarm Intelligence May Be Just the Ticket for Improved Network & Device Security Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, 3 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

mesh

model:

mesh

db:

NVD

ids:

CVE-2021-42292, CVE-2021-43208, CVE-2021-43209, CVE-2021-42321, CVE-2021-42298, CVE-2021-41371, CVE-2021-38631, CVE-2021-26443

Apple hits the alarm with multi-OS emergency update to patch zero-click flaw \| Computerworld Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Sept. 14, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	watchos
vendor:	apple	model:	macos

When will my Samsung Galaxy phone get a security update? - SamMobile Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 2, 2021, 8:58 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy j7 duo
vendor:	samsung	model:	note
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	galaxy s8
vendor:	samsung	model:	galaxy a7
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	j7 duo
vendor:	samsung	model:	galaxy s10
vendor:	samsung	model:	samsung
vendor:	samsung	model:	note 10
vendor:	samsung	model:	galaxy j4
vendor:	samsung	model:	galaxy j6
vendor:	samsung	model:	galaxy s9
vendor:	samsung	model:	galaxy j3
vendor:	samsung	model:	galaxy note
vendor:	google	model:	android

Security Vulnerabilities Found in BusyBox Could Lead to DoS Attacks Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, 2:55 p.m.	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42378, CVE-2021-42379, CVE-2021-42381, CVE-2021-42386, CVE-2021-42374, CVE-2021-42380, CVE-2021-42384, CVE-2021-42375, CVE-2021-42377, CVE-2021-42382, CVE-2021-42373, CVE-2021-42376, CVE-2021-42383, CVE-2021-42385

A set of vulnerabilities in TCP/IP stacks could leave millions of connected medical devices open to attack - Cyber Security Review Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: -

Affected products	External IDs

Citrix Products Multiple Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202112-0296, VAR-202112-0297 Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-22956, CVE-2021-22955

"Trojan Source" technique can conceal vulnerabilities in code. BlackMatter affiliate uses custom tool for data exfiltration. Android malware gains root access. Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 20, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2021-42574, CVE-2021-30892

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products Related entries in the VARIoT vulnerabilities database: VAR-202110-0579 Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, midnight	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2021-29873

3 Medium Severity Vulnerabilities Identified in Philips MRI Solutions Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, 1:22 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-3084, CVE-2021-3083, CVE-2021-3085

Exploit Files ≈ Packet Storm Trust: 4.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 17, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42237, CVE-2021-38146, CVE-2021-42580, CVE-2021-38294, CVE-2020-28328, CVE-2021-43140, CVE-2021-22205, CVE-2021-35323, CVE-2020-16152, CVE-2021-43397, CVE-2021-22204, CVE-2021-26795, CVE-2021-24664, CVE-2021-42840

USN-5009-2: libslirp vulnerabilities Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 27, 2021, 6:13 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-3595, CVE-2021-3594, CVE-2021-3592, CVE-2020-29130, CVE-2020-29129, CVE-2021-3593

Vulnerabilities in NPM allowed threat actors to publish new version of any package \| The Daily Swig Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 17, 2021, 2:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

node.js

model:

node.js

AMD EPYC Processors Hit by 22 Security Vulnerabilities, Patch is Already Out \| TechPowerUp Forums Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

SCHNEIDER

ids:

SB950

How Telecom Providers Can Prevent IoT Attacks \| Toolbox Tech Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 26, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

mesh

model:

mesh

Samsung monthly updates: November 2021 security patch details released - SamMobile Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 2, 2021, 7:35 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung
vendor:	samsung	model:	galaxy s10

Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating \| Ars Technica Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	pan-os
vendor:	palo	model:	palo alto networks
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	pan-os

db:

NVD

ids:

CVE-2021-3064

Apple rushes to block 'zero-click' iPhone spyware - BBC News Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Sept. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Device security \| Cloud IoT Core Documentation \| Google Cloud Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

25th October - Threat Intelligence Report - Check Point Research Trust: 4.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 25, 2021, 12:13 p.m.	Vulnerabilities: code execution, memory corruption

Affected products

External IDs

vendor:	google	model:	android
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2021-41355, CVE-2017-11882, CVE-2020-0951

CVE - CVE-2021-40114 Related entries in the VARIoT vulnerabilities database: VAR-202110-1353 Trust: 5.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco systems
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco systems
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2021-40114

VARIoT news about IoT security